** Changed in: poppler
       Status: Confirmed => Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/599439

Title:
  evince crashed with SIGSEGV in JPXStream::readTilePartData()

Status in Poppler:
  Unknown
Status in poppler package in Ubuntu:
  Triaged

Bug description:
  evince crashes with the following valgrind output when opening the
  attached file.

  $ valgrind evince sample.pdf
  ==12903== Memcheck, a memory error detector.
  ==12903== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
  ==12903== Using LibVEX rev 1884, a library for dynamic binary translation.
  ==12903== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
  ==12903== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework.
  ==12903== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
  ==12903== For more details, rerun with: -v
  ==12903==
  Error: PDF file is damaged - attempting to reconstruct xref table...
  ==12903== Thread 2:
  ==12903== Use of uninitialised value of size 4
  ==12903==    at 0x4E1E47F: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1951)
  ==12903==    by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924)
  ==12903==    by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366)
  ==12903==    by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735)
  ==12903==    by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272)
  ==12903==    by 0x4EA33E2: ImageStream::reset() (Stream.cc:419)
  ==12903==    by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485)
  ==12903==    by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857)
  ==12903==    by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526)
  ==12903==    by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771)
  ==12903==    by 0x4E5307E: Gfx::go(int) (Gfx.cc:642)
  ==12903==    by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611)
  ==12903==
  ==12903== Use of uninitialised value of size 4
  ==12903==    at 0x4E1E48A: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1952)
  ==12903==    by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924)
  ==12903==    by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366)
  ==12903==    by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735)
  ==12903==    by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272)
  ==12903==    by 0x4EA33E2: ImageStream::reset() (Stream.cc:419)
  ==12903==    by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485)
  ==12903==    by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857)
  ==12903==    by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526)
  ==12903==    by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771)
  ==12903==    by 0x4E5307E: Gfx::go(int) (Gfx.cc:642)
  ==12903==    by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611)
  ==12903==
  ==12903== Conditional jump or move depends on uninitialised value(s)
  ==12903==    at 0x4E1E509: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1977)
  ==12903==    by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924)
  ==12903==    by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366)
  ==12903==    by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735)
  ==12903==    by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272)
  ==12903==    by 0x4EA33E2: ImageStream::reset() (Stream.cc:419)
  ==12903==    by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485)
  ==12903==    by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857)
  ==12903==    by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526)
  ==12903==    by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771)
  ==12903==    by 0x4E5307E: Gfx::go(int) (Gfx.cc:642)
  ==12903==    by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611)
  ==12903==
  ==12903== Use of uninitialised value of size 4
  ==12903==    at 0x4E1E515: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1978)
  ==12903==    by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924)
  ==12903==    by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366)
  ==12903==    by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735)
  ==12903==    by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272)
  ==12903==    by 0x4EA33E2: ImageStream::reset() (Stream.cc:419)
  ==12903==    by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485)
  ==12903==    by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857)
  ==12903==    by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526)
  ==12903==    by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771)
  ==12903==    by 0x4E5307E: Gfx::go(int) (Gfx.cc:642)
  ==12903==    by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611)
  ==12903==
  ==12903== Invalid read of size 4
  ==12903==    at 0x4E1E515: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1978)
  ==12903==    by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924)
  ==12903==    by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366)
  ==12903==    by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735)
  ==12903==    by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272)
  ==12903==    by 0x4EA33E2: ImageStream::reset() (Stream.cc:419)
  ==12903==    by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485)
  ==12903==    by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857)
  ==12903==    by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526)
  ==12903==    by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771)
  ==12903==    by 0x4E5307E: Gfx::go(int) (Gfx.cc:642)
  ==12903==    by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611)
  ==12903==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
  ==12903==
  ==12903== Process terminating with default action of signal 11 (SIGSEGV)
  ==12903==  Access not within mapped region at address 0x10
  ==12903==    at 0x4E1E515: JPXStream::readTilePartData(unsigned int, unsigned int, int) (JPXStream.cc:1978)
  ==12903==    by 0x4E1F5CD: JPXStream::readTilePart() (JPXStream.cc:1924)
  ==12903==    by 0x4E20766: JPXStream::readCodestream(unsigned int) (JPXStream.cc:1366)
  ==12903==    by 0x4E225C9: JPXStream::readBoxes() (JPXStream.cc:735)
  ==12903==    by 0x4E227EC: JPXStream::reset() (JPXStream.cc:272)
  ==12903==    by 0x4EA33E2: ImageStream::reset() (Stream.cc:419)
  ==12903==    by 0x4739923: CairoOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, Stream*, int, int, GfxImageColorMap*) (CairoOutputDev.cc:1485)
  ==12903==    by 0x4E5C9B5: Gfx::doImage(Object*, Stream*, int) (Gfx.cc:3857)
  ==12903==    by 0x4E60894: Gfx::opXObject(Object*, int) (Gfx.cc:3526)
  ==12903==    by 0x4E52AB9: Gfx::execOp(Object*, Object*, int) (Gfx.cc:771)
  ==12903==    by 0x4E5307E: Gfx::go(int) (Gfx.cc:642)
  ==12903==    by 0x4E55AEE: Gfx::display(Object*, int) (Gfx.cc:611)
  ==12903==  If you believe this happened as a result of a stack overflow in your
  ==12903==  program's main thread (unlikely but possible), you can try to increase
  ==12903==  the size of the main thread stack using the --main-stacksize= flag.
  ==12903==  The main thread stack size used in this run was 8388608.
  ==12903==
  ==12903== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 243 from 4)
  ==12903== malloc/free: in use at exit: 262,485,146 bytes in 86,891 blocks.
  ==12903== malloc/free: 263,012 allocs, 176,121 frees, 277,245,884 bytes allocated.
  ==12903== For counts of detected errors, rerun with: -v
  ==12903== Use --track-origins=yes to see where uninitialised values come from
  ==12903== searching for pointers to 86,891 not-freed blocks.
  ==12903== checked 212,587,460 bytes.
  ==12903==
  ==12903== LEAK SUMMARY:
  ==12903==    definitely lost: 25,170 bytes in 994 blocks.
  ==12903==      possibly lost: 202,348 bytes in 229 blocks.
  ==12903==    still reachable: 262,257,628 bytes in 85,668 blocks.
  ==12903==         suppressed: 0 bytes in 0 blocks.
  ==12903== Rerun with --leak-check=full to see details of leaked memory.
  Killed

  ProblemType: Crash
  Architecture: i386
  DistroRelease: Ubuntu 9.04
  ExecutablePath: /usr/bin/evince
  Package: evince 2.26.1-0ubuntu1
  ProcCmdline: evince tehfu-113_2.pdf
  ProcEnviron:
   SHELL=/bin/bash
   LANG=en_US.UTF-8
  Signal: 11
  SourcePackage: evince
  StacktraceTop:
   JPXStream::readTilePartData (this=0x9264fd8, tileIdx=3,
   JPXStream::readTilePart (this=0x9264fd8)
   JPXStream::readCodestream (this=0x9264fd8, len=0)
   JPXStream::readBoxes (this=0x9264fd8) at JPXStream.cc:735
   JPXStream::reset (this=0x9264fd8) at JPXStream.cc:272
  Title: evince crashed with SIGSEGV in JPXStream::readTilePartData()
  Uname: Linux 2.6.28-19-generic i686
  UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

To manage notifications about this bug go to:
https://bugs.launchpad.net/poppler/+bug/599439/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp